Security
Cortex is built so frontier models can read your repos and open useful PRs — without your code training anyone else's model, leaking across tenants, or shipping without a human in the loop.
Four commitments
Cortex routes work to frontier providers (OpenAI, Google) under their no-training API terms. Your code, prompts, and outputs are not used to train anyone's model — ours or theirs.
Every table is scoped by organization_id. Postgres row-level security blocks reads across tenants, and OAuth tokens are admin-only by RLS — even within an org.
Cortex opens draft pull requests. We never push to your default branch, never approve our own PRs, and never call the merge endpoint. A human always ships.
We request Contents and Pull Requests scopes — not Administration, not Workflows, not Secrets. You choose which repos the app can see, and you can revoke install in one click.
How a run works
We never poll secrets or scan repos outside the install.
We don't read repos the GitHub App isn't installed on.
Every query is filtered by organization_id, top to bottom.
We don't surface another org's code into your prompt.
Routed to frontier providers under enterprise API terms.
We don't fine-tune on your code, ever.
Always opened against a fresh branch, always as a draft.
We don't push to main, force-push, or approve our own PRs.
Data handling
Recommended setup
Cortex never touches your production environment — it works through GitHub, opening draft PRs against the repos you install it on. A well-configured repo is what makes that integration safe in your workflow.
Install Cortex on a staging or mirror repo first, not your primary production repo. It opens draft PRs on whatever it's installed on — get a feel for the output where mistakes cost less.
Require pull requests, status checks, and at least one human approval on your default branch. Never count Cortex as the approver.
Treat the merge as the deploy gate. Run Cortex PRs through the same CI as human PRs — no exemptions.
FAQ
No. Cortex routes inference to frontier providers under their enterprise no-training API terms. Your code, prompts, and outputs are not used to train any model — ours or theirs.
Every table in Cortex is scoped by organization_id. Postgres row-level security policies block any read or write that crosses orgs, and the same is true for OAuth tokens and indexed code.
No. All commits go to a fresh cortex/* branch and pull requests open as drafts. The GitHub App scope omits Administration and Workflows permissions, and no code path calls the merge endpoint.
Uninstall the GitHub App from your org and revoke any other connected integrations. Then email support to fully delete your org's data, including indexed code, embeddings, and run history.
We're an early-stage product and SOC 2 work is on the roadmap, not yet complete. If your team needs an attestation before integrating Cortex into your main repos, get in touch and start with a staging or mirror repo in the meantime.
Email security@cortexengine.dev. Include the org name, the time window, and any artifact (run ID, PR URL) that helps us scope the issue.
Connect a non-production repo in five minutes. Once your team trusts the diffs, scope the install up.